Delete webhook subscription.

curl --request DELETE \
  --url https://sandbox.api.openfx.com/v1/webhooks/subscriptions/{webhookSubscriptionId} \
  --header 'Authorization: Bearer <token>' \
  --header 'Idempotency-Key: <idempotency-key>' \
  --header 'X-Signature: <api-key>' \
  --header 'X-Timestamp: <api-key>'

{
  "error": {
    "type": "authentication_error",
    "code": "invalid_api_key",
    "message": "The API key provided is invalid or has been revoked.",
    "status": 401,
    "requestId": "req_01953e1a5f4b7b02",
    "retryable": false
  }
}

DELETE

webhooks

subscriptions

{webhookSubscriptionId}

Delete webhook subscription.

curl --request DELETE \
  --url https://sandbox.api.openfx.com/v1/webhooks/subscriptions/{webhookSubscriptionId} \
  --header 'Authorization: Bearer <token>' \
  --header 'Idempotency-Key: <idempotency-key>' \
  --header 'X-Signature: <api-key>' \
  --header 'X-Timestamp: <api-key>'

{
  "error": {
    "type": "authentication_error",
    "code": "invalid_api_key",
    "message": "The API key provided is invalid or has been revoked.",
    "status": 401,
    "requestId": "req_01953e1a5f4b7b02",
    "retryable": false
  }
}

Authorizations

Authorization

string

header

required

API key issued at onboarding. Passed as a Bearer token in the Authorization header: Authorization: Bearer <api-key>. Identifies the caller and determines organization scope. Invalid or revoked keys return 401 with error type authentication_error.

X-Signature

string

header

required

Ed25519 or RSA-SHA256 asymmetric signature over the request payload (ADR-0015). Provides request integrity and non-repudiation. The signature covers the HTTP method, path, query string, request body, and timestamp. Invalid signatures return 401 with error type authentication_error.

X-Timestamp

string

header

required

Unix timestamp (seconds) of when the request was signed. Server rejects requests where the timestamp drifts beyond +/-60 seconds from server time to prevent replay attacks. Must match the timestamp used in the signature computation.

Headers

Idempotency-Key

string

required

Idempotency key for this request. UUID v4 recommended. Max 128 characters. 24-hour retention. Same key + same body replays original response with Idempotency-Replayed: true. Same key + different body returns 409 (code: duplicate_idempotency_key). Same key while the original request is still processing returns 409 with a Retry-After header (code: idempotency_key_in_flight).

Maximum string length: 128

Example:

"550e8400-e29b-41d4-a716-446655440000"

Path Parameters

webhookSubscriptionId

string

required

Unique identifier of the webhook subscription (wsub_ prefix). Webhook subscription resource identifier.

Pattern: ^wsub_[A-Za-z0-9]+$

Example:

"wsub_01953e1a5f4b700a"

Response

Webhook subscription deleted.

Update webhook subscription Send test webhook delivery

Identity & Onboarding

Accounts & Balances

FX & Conversions

Counterparties & Payment Methods

Payments & Transfers

Ledger

Events & Webhooks

Payment Rails Discovery

Delete webhook subscription.

Authorizations

Headers

Path Parameters

Response